2017-08-25 167 views
0

I am trying to create an X.509 certificate, but I keep running into the error shown below: OPENSSL_Uplink(00007FF944EF2000,08): no OPENSSL_Applink. I am not sure how to proceed. Python no OPENSSL_Applink


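When I searched, I found people suggesting the use of "BIO" to open the file, but I don't know how to do that... Any help would be greatly appreciated.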

import time 
from M2Crypto import X509, EVP, RSA, ASN1 

KeyLength=2048 

CAName='TS.CN'    
ServerName='CF.CN' 

CAKeyFile='ca.key' 
CACerFile='ca.cer' 
ServerKeyFile='server.key' 
ServerCerFile='Server.cer' 


def mk_ca_issuer(): 
    """ 
    Our default CA issuer name. 
    """ 
    issuer = X509.X509_Name() 
    issuer.C = 'CN' 
    issuer.CN = CAName 
    issuer.ST = 'TS' 
    issuer.L = 'TS' 
    issuer.O = 'TS' 
    issuer.OU = 'TS' 
    return issuer 


def mk_cert_valid(cert, days=365): 
    """ 
    Make a cert valid from now and til 'days' from now. 
    Args: 
     cert -- cert to make valid 
     days -- number of days cert is valid for from now. 
    """ 
    t = long(time.time()) 
    now = ASN1.ASN1_UTCTIME() 
    now.set_time(t) 
    expire = ASN1.ASN1_UTCTIME() 
    expire.set_time(t + days * 24 * 60 * 60) 
    cert.set_not_before(now) 
    cert.set_not_after(expire) 


def mk_request(bits, cn='CF.CN'): 
    """ 
    Create a X509 request with the given number of bits in they key. 
    Args: 
     bits -- number of RSA key bits 
     cn -- common name in the request 
    Returns a X509 request and the private key (EVP) 
    """ 
    pk = EVP.PKey() 
    x = X509.Request() 
    rsa = RSA.gen_key(bits, 65537, lambda: None) 
    pk.assign_rsa(rsa) 
    x.set_pubkey(pk) 
    name = x.get_subject() 
    name.C = 'CN' 
    name.CN = cn 
    name.ST = 'TS' 
    name.O = 'TS' 
    name.OU = 'TS' 
    x.sign(pk,'sha1') 
    return x, pk 


def mk_cacert(): 
    """ 
    Make a CA certificate. 
    Returns the certificate, private key and public key. 
    """ 
    req, pk = mk_request(KeyLength) 
    pkey = req.get_pubkey() 
    cert = X509.X509() 
    cert.set_serial_number(1) 
    cert.set_version(2) 
    mk_cert_valid(cert) 
    cert.set_issuer(mk_ca_issuer()) 
    cert.set_subject(cert.get_issuer()) 
    cert.set_pubkey(pkey) 
    cert.add_ext(X509.new_extension('basicConstraints', 'CA:TRUE')) 
    cert.add_ext(X509.new_extension('subjectKeyIdentifier', cert.get_fingerprint())) 
    cert.sign(pk, 'sha1') 
    return cert, pk, pkey 


def mk_cert(): 
    """ 
    Make a certificate. 
    """ 
    cert = X509.X509() 
    cert.set_serial_number(2) 
    cert.set_version(2) 
    mk_cert_valid(cert) 
    cert.add_ext(X509.new_extension('nsComment', 'SSL sever')) 
    return cert 


def mk_casigned_cert(): 
    """ 
    Create a CA cert + server cert + server private key. 
    """ 
    # unused, left for history. 
    cacert, pk1, _ = mk_cacert() 
    cert_req, pk2 = mk_request(KeyLength, cn=ServerName) 
    cert = mk_cert() 
    cert.set_issuer(cacert.get_issuer()) 
    cert.set_subject(cert_req.get_subject()) 
    cert.set_pubkey(cert_req.get_pubkey()) 
    cert.sign(pk1, 'sha1') 
    return cacert, cert,pk1, pk2 


if __name__ == '__main__': 
    cacert, cert, pk1,pk2 = mk_casigned_cert() 

    with open(CACerFile, 'w') as f:
        f.write(cacert.as_pem())
    with open(ServerCerFile, 'w') as f:
        f.write(cert.as_pem())
    with open(CAKeyFile, 'w') as f:
        f.write(pk1.as_pem(None))
    with open(ServerKeyFile, 'w') as f:
        f.write(pk2.as_pem(None))

    # Sanity checks... 
    cac = X509.load_cert(CACerFile) 
    print cac.verify(), cac.check_ca() 
    cc = X509.load_cert(ServerCerFile) 
    print cc.verify(cac.get_pubkey()) 
+0

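This can happen if OpenSSL was built against a different version of the C runtime than the one used by Python. Are you using a 32-bit build of Python with a 64-bit build of OpenSSL? Or vice versa? –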

+0

What version of OpenSSL are you using (perhaps a newer version would help)? –

+0

OpenSSL is openssl-1.0.2l (not sure whether it is 64-bit or 32-bit). The Python version is python-2.7.13 win64. – wang16893677

Answer

0

From the OpenSSL FAQ, under the heading "I've compiled a program under Windows and it crashes":

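This is usually because you've missed the comment in INSTALL.W32. Your application must link against the same version of the Win32 C runtime against which your OpenSSL libraries were linked. The default version for OpenSSL is /MD - "Multithreaded DLL".

If you are using Microsoft Visual C++'s IDE (Visual Studio), in many cases your new project most likely defaulted to "Debug Singlethreaded" - /ML. This is NOT interchangeable with /MD and your program will crash, typically on the first BIO-related read or write operation.

For each of the six possible link stage configurations within Win32, your application must link against the same one with which OpenSSL was built. If you are using MS Visual C++ (Studio) this can be changed by: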

1. Select Settings... from the Project Menu. 
2. Select the C/C++ Tab. 
3. Select "Code Generation" from the "Category" drop down list box
4. Select the Appropriate library (see table below) from the "Use 
run-time library" drop down list box. Perform this step for both 
your debug and release versions of your application (look at the 
top left of the settings panel to change between the two) 

Single Threaded           /ML   - MS VC++ often defaults to
                                  this for the release
                                  version of a new project.
Debug Single Threaded     /MLd  - MS VC++ often defaults to
                                  this for the debug version
                                  of a new project.
Multithreaded             /MT
Debug Multithreaded       /MTd
Multithreaded DLL         /MD   - OpenSSL defaults to this.
Debug Multithreaded DLL   /MDd

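Note that debug and release libraries are NOT interchangeable. If you built OpenSSL with /MD your application must use /MD and cannot use /MDd.

As of 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL .DLLs compiled with some specific run-time option [we insist on the default /MD] can be deployed with an application compiled with a different option or even a different compiler. But there is a catch! Instead of re-compiling the OpenSSL toolkit, as you would have to with prior versions, you have to compile a small C snippet with the compiler and/or options of your choice. The snippet gets installed as /include/openssl/applink.c and should be either added to your application project or simply #include-d in one [and only one] of your application source files. Failure to link this shim module into your application manifests itself as a fatal "no OPENSSL_Applink" run-time error. An explicit reminder is due that in this situation [mixing compiler options] it is just as important to add CRYPTO_malloc_init prior to the first call to OpenSSL.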

+0

I'm using IDLE (Python GUI)... What should I do? – wang16893677
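A check for the two mismatches raised in the comments and the answer above (32-bit versus 64-bit, and a different C runtime), as an added example that is not part of the original thread. It reads the Machine field from each PE header and searches the image bytes for C runtime DLL names, which is a heuristic; the function names and the sample images are constructed for illustration.

```python
import re
import struct
import sys

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}
# Heuristic: Microsoft C runtime DLL names as they appear in import tables.
CRT_NAME = re.compile(
    br"(msvcr\d+d?|msvcrt|vcruntime\d+d?|ucrtbased?|api-ms-win-crt-[a-z0-9-]+)\.dll",
    re.IGNORECASE)


def pe_machine(data):
    """Return the architecture recorded in a PE image's COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
        raise ValueError("not a PE image (no PE signature)")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, "unknown (0x%04x)" % machine)


def crt_names(data):
    """Return the sorted, lower-cased CRT DLL names found in the image bytes."""
    return sorted({m.group(0).decode("ascii").lower() for m in CRT_NAME.finditer(data)})


def compare(host, library):
    """List mismatches between two images, e.g. python.exe and an OpenSSL DLL."""
    problems = []
    arch_a, arch_b = pe_machine(host), pe_machine(library)
    if arch_a != arch_b:
        problems.append("architecture: %s vs %s" % (arch_a, arch_b))
    crt_a, crt_b = crt_names(host), crt_names(library)
    if crt_a != crt_b:
        problems.append("C runtime: %s vs %s" % (", ".join(crt_a), ", ".join(crt_b)))
    return problems


def sample_image(machine, crt):
    """Constructed sample: MZ stub, PE signature, Machine field, one DLL name."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return stub + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + crt + b"\0"


if __name__ == "__main__":
    if len(sys.argv) == 3:  # paths to two real binaries to compare
        images = [open(p, "rb").read() for p in sys.argv[1:]]
    else:  # constructed samples, not real binaries
        images = [sample_image(0x8664, b"MSVCR90.dll"),
                  sample_image(0x8664, b"MSVCR120.dll")]
    for line in compare(*images) or ["no mismatch found"]:
        print(line)
```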
